23 package com.liferay.portal.servlet.filters.servletauthorizing;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.CompanyThreadLocal;
31 import com.liferay.portal.security.auth.PrincipalThreadLocal;
32 import com.liferay.portal.security.permission.PermissionChecker;
33 import com.liferay.portal.security.permission.PermissionCheckerFactory;
34 import com.liferay.portal.security.permission.PermissionThreadLocal;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.servlet.filters.BasePortalFilter;
37 import com.liferay.portal.util.PortalInstances;
38 import com.liferay.portal.util.PortalUtil;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import javax.servlet.FilterChain;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import javax.servlet.http.HttpSession;
46
47 import org.apache.struts.Globals;
48
49
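/**
 * Servlet filter that resolves the company and user for the current request,
 * publishes them as the thread's security context (principal name and
 * permission checker), runs the rest of the filter chain, and then tears that
 * context down again.
 *
 * <p>
 * The teardown is security relevant: the context lives in thread locals, so
 * anything left behind stays attached to the thread after the request ends.
 * If the container reuses that thread, a later request could observe the
 * previous user's context.
 * </p>
 */
public class ServletAuthorizingFilter extends BasePortalFilter {

	/**
	 * Establishes the per-request security context, delegates to the filter
	 * chain and always clears the thread-bound context afterwards.
	 *
	 * @param request the incoming request; it is wrapped in a
	 *        {@link ProtectedServletRequest} before being passed on
	 * @param response the response passed on to the chain unchanged
	 * @param filterChain the remaining filter chain
	 * @throws Exception if company/user resolution or the chain fails; a
	 *         failure to load the user or build the permission checker is
	 *         logged and NOT rethrown
	 */
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		// getSession() with no argument creates a session when none exists,
		// so every request through this filter ends up with one.

		HttpSession session = request.getSession();

		// Company id

		long companyId = PortalInstances.getCompanyId(request);

		// Publish the company id as a request attribute for downstream code.

		request.setAttribute(WebKeys.COMPANY_ID, Long.valueOf(companyId));

		// Authorize

		long userId = PortalUtil.getUserId(request);
		String remoteUser = request.getRemoteUser();

		if (!PropsValues.PORTAL_JAAS_ENABLE) {

			// With JAAS disabled, a "j_remoteuser" session attribute takes
			// precedence over the container-reported remote user. It is
			// consumed once and then removed from the session.
			// NOTE(review): this value is trusted as the authenticated
			// identity, so only server-side login code may ever write it;
			// confirm that at every writer of this attribute.

			String jRemoteUser = (String)session.getAttribute("j_remoteuser");

			if (jRemoteUser != null) {
				remoteUser = jRemoteUser;

				session.removeAttribute("j_remoteuser");
			}
		}

		if ((userId > 0) && (remoteUser == null)) {
			remoteUser = String.valueOf(userId);
		}

		// Wrap the request with the resolved remote user (presumably so that
		// downstream getRemoteUser() calls report it; confirm against
		// ProtectedServletRequest).

		request = new ProtectedServletRequest(request, remoteUser);

		PermissionChecker permissionChecker = null;

		if ((userId > 0) || (remoteUser != null)) {

			// Set the principal associated with this thread. The remote user
			// wins over the numeric user id when both are present.

			String name = String.valueOf(userId);

			if (remoteUser != null) {
				name = remoteUser;
			}

			PrincipalThreadLocal.setName(name);

			// The principal name is parsed back into the user id.
			// GetterUtil.getLong is expected to fall back to its default for
			// a non-numeric name, in which case the lookup below fails.

			userId = GetterUtil.getLong(name);

			try {

				// User

				User user = UserLocalServiceUtil.getUserById(userId);

				// Permission checker

				permissionChecker = PermissionCheckerFactory.create(user, true);

				PermissionThreadLocal.setPermissionChecker(permissionChecker);

				// User id

				session.setAttribute(WebKeys.USER_ID, Long.valueOf(userId));

				// User locale

				session.setAttribute(Globals.LOCALE_KEY, user.getLocale());
			}
			catch (Exception e) {

				// NOTE(review): this path fails open. The error is logged and
				// the request still continues down the chain with the
				// principal name set but no permission checker created for
				// it. Downstream authorization must treat a missing checker
				// as "not authenticated".

				_log.error(e, e);
			}
		}

		try {
			processFilter(
				ServletAuthorizingFilter.class, request, response, filterChain);
		}
		finally {
			try {

				// Clean up the permission checker

				PermissionCheckerFactory.recycle(permissionChecker);
			}
			catch (Exception e) {
				_log.error(e, e);
			}

			// Drop the thread's reference to the checker that was just
			// recycled. Without this the thread local outlives the request
			// and keeps pointing at a recycled checker, which a later request
			// handled by the same thread could pick up.

			PermissionThreadLocal.setPermissionChecker(null);

			// Clear the company id associated with this thread

			CompanyThreadLocal.setCompanyId(0);

			// Clear the principal associated with this thread

			PrincipalThreadLocal.setName(null);
		}
	}

	private static final Log _log =
		LogFactoryUtil.getLog(ServletAuthorizingFilter.class);

}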